Comment 6 for bug 1856795

Graham Inggs (ginggs) wrote : Re: X2Go Client broken by 0.8.0~20170825.94fa1e38-1ubuntu0.5

Fixed in focal:

x2goclient (4.1.2.1-4) unstable; urgency=medium

  * debian/patches:
    + Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
      strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
      in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
      based Windows solution for Kerberos support), but newer libssh versions
      with the CVE-2019-14889 also interpret paths as literal strings.
      (Closes: #947129).

 -- Mike Gabriel <email address hidden> Sat, 21 Dec 2019 17:56:23 +0100
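
An added illustration of the prefix stripping the changelog entry describes; it is not the x2goclient patch or code from this bug report. The function name `strip_home_prefix`, the sample paths, returning `.` for a bare home reference, and treating `~user` as the login user are all assumptions.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical helper (assumption, not x2goclient's code). A server that
// treats the scp destination as a literal string never expands "~" or
// "$HOME", so the client removes them and sends a path relative to the
// login directory (assumed here to be the user's home directory).
static bool is_var_char(char c) {
    return std::isalnum(static_cast<unsigned char>(c)) || c == '_';
}

std::string strip_home_prefix(const std::string &path) {
    std::size_t skip = 0;
    if (path.compare(0, 7, "${HOME}") == 0) {
        skip = 7;
    } else if (path.compare(0, 5, "$HOME") == 0) {
        // "$HOMEDIR" names a different variable: leave it untouched.
        if (path.size() > 5 && is_var_char(path[5])) return path;
        skip = 5;
    } else if (!path.empty() && path[0] == '~') {
        // "~" or "~user": the name runs up to the first '/'.
        // Assumption: "user" is the account the session logs in as.
        std::size_t slash = path.find('/');
        skip = (slash == std::string::npos) ? path.size() : slash;
    } else {
        return path;  // absolute or already relative
    }
    // Only strip when the prefix is a whole path component.
    if (skip < path.size() && path[skip] != '/') return path;
    while (skip < path.size() && path[skip] == '/') ++skip;
    std::string rest = path.substr(skip);
    return rest.empty() ? "." : rest;  // bare "~" means the home directory itself
}

int main() {
    // Constructed sample destinations.
    const char *samples[] = {"~/.x2go/ssh/key.pub", "~alice/media", "${HOME}/.x2go",
                             "$HOME", "$HOMEDIR/file", "/tmp/file"};
    for (const char *s : samples)
        std::cout << s << " -> " << strip_home_prefix(s) << "\n";
    return 0;
}
```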